Oddbean new post about | logout
 Only #GrapheneOS can stand up to Cellbrite's phone hacking capabilities. Choose your phone and O/S wisely.

https://grapheneos.social/@GrapheneOS/112462758257739953 
 Think the spooks can crack the titan chip? To my knowledge it's the only open source SE? 
 If you mean state-level threats, it's not likely they'd want to target the secure element unless there's a requirement to prove they aren't tampering with data in the operation. This capability is most useful for attacks with physical access. Cellebrite wants this because their tools are used with seized phones for customers to extract a forensic copy of it's data.

It is almost certain groups are researching this capability. We recommend users to use a high entropy passphrase that can't be brute forced if they believe that it could happen and if it will be used against them. Brute force also doesn't always mean secure element is exploited, MSAB's now burned stock Pixel brute force capability used a memory dump instead of secure element.

Remote exploitation may be better for intelligence agencies. GrapheneOS defence strategy puts remote exploitation as the most dangerous threat we want to protect against. Users with that risk should do due diligence on who and what apps they communicate with. 
 Thanks! 
 Cellebrite recently had a job application for an Android security researcher with experience in MTE and PAC (ARMv9 security features) as a desirable bonus.

Can you guess the only mobile OS with the best/only production MTE implementation and PAC in userspace and not just kernel?

🫣🤔